Merge branch 'master' of cuckoosandbox/cuckoo

cuckoosandbox · Feb 28, 2017 · 6d93f37 · 6d93f37
2 parents 2e589b4 + 85a7192
commit 6d93f37
Show file tree

Hide file tree

Showing 7 changed files with 66 additions and 5 deletions.
diff --git a/conf/qemu.conf b/conf/qemu.conf
@@ -37,7 +37,7 @@ interface = qemubr
 
 # (Optional) Specify the IP of the Result Server, as your virtual machine sees it.
 # The Result Server will always bind to the address and port specified in cuckoo.conf,
-# however you could set up your virtual network to use NAT/PAT, so you can specify here 
+# however you could set up your virtual network to use NAT/PAT, so you can specify here
 # the IP address for the Result Server as your machine sees it. If you don't specify an
 # address here, the machine will use the default value from cuckoo.conf.
 # NOTE: if you set this option you have to set result server IP to 0.0.0.0 in cuckoo.conf.
@@ -56,12 +56,25 @@ resultserver_ip = 192.168.55.1
 # specific VMs. You can run samples on VMs with tag you require.
 tags = debian_wheezy,64_bit
 
+# example of mips vm
 [vm2]
 label = vm2
 image = /home/rep/vms/qvm_wheezy64_1.qcow2
 arch = mipsel
-kernel_path = {imagepath}/vmlinux-3.16.0-4-4kc-malta-mipsel
+kernel = {imagepath}/vmlinux-3.16.0-4-4kc-malta-mipsel
 platform = linux
 ip = 192.168.55.3
 interface = qemubr
 tags = debian_wheezy,mipsel
+
+# example of arm vm
+[vm3]
+label = vm3
+image = /home/rep/vms/qvm_wheezy64_2.qcow2
+arch = arm
+kernel = {imagepath}/vmlinuz-3.2.0-4-versatile-arm
+initrd = {imagepath}/initrd-3.2.0-4-versatile-arm
+platform = linux
+ip = 192.168.55.4
+interface = qemubr
+tags = debian_wheezy,arm
diff --git a/conf/reporting.conf b/conf/reporting.conf
@@ -58,6 +58,10 @@ calls = no
 
 [moloch]
 enabled = no
+# If you wish to run Moloch in http (insecure) versus https (secure) set
+# insecure to yes
+insecure = no
+#
 # If the Moloch web interface is hosted on a different IP address than the
 # Cuckoo Web Interface then you'll want to override the IP address here.
 # host = 127.0.0.1

diff --git a/docs/book/src/installation/guest/linux.rst b/docs/book/src/installation/guest/linux.rst
@@ -0,0 +1,37 @@
+==========================
+Installing the Linux guest
+==========================
+
+Add agent to autorun, the easier way is to add it to crontab::
+
+    sudo crontab -e
+    @reboot python path_to_agent.py
+
+The following instructions are only for x32/x64 linux guests
+===========================================================
+
+Install dependencies::
+
+    sudo apt-get install systemtap gcc linux-headers-$(uname -r) 
+
+Compile Kernel extension::
+
+    wget https://raw.githubusercontent.com/cuckoosandbox/cuckoo/master/data/strace.stp
+    sudo stap -p4 -r $(uname -r) strace.stp -m stap_ -v
+
+Once finished it you should see stap_.ko in the same folder
+
+Test Kernel extension::
+
+    staprun -v ./stap_.ko
+
+Output should be something like **staprun:insert_module:x Module stap_ inserted from file path_to_stap_.ko**
+stap_.ko should be placed in /root/.cuckoo::
+
+    mkdir /root/.cuckoo
+    mv stap_.ko /root/.cuckoo/
+
+
+Disable firewall::
+    
+    sudo ufw disable
diff --git a/lib/cuckoo/core/scheduler.py b/lib/cuckoo/core/scheduler.py
@@ -52,7 +52,7 @@ def __init__(self, task_id, error_queue):
         self.binary = ""
         self.storage_binary = ""
         self.machine = None
-
+        self.route = None
         self.db = Database()
         self.task = self.db.view_task(task_id)
         self.guest_manager = None

diff --git a/modules/auxiliary/reboot.py b/modules/auxiliary/reboot.py
@@ -21,7 +21,8 @@ def cb_legacy_agent(self):
         log.error(
             "Reboot analysis is not backwards compatible with the Old Agent, "
             "please upgrade your target machine (%s) to the New Agent to use "
-            "the reboot analysis capabilities.", self.machine
+            "the reboot analysis capabilities. Use this agent for reboot analysis "
+            "https://github.com/jbremer/agent", self.machine
         )
         raise CuckooDisableModule
 

diff --git a/web/analysis/views.py b/web/analysis/views.py
@@ -349,7 +349,12 @@ def moloch(request, **kwargs):
     else:
         hostname = request.get_host()
 
-    url = "https://%s:8005/?%s" % (
+    if settings.MOLOCH_INSECURE:
+        url = "http://"
+    else:
+        url = "https://"
+
+    url += "%s:8005/?%s" % (
         settings.MOLOCH_HOST or hostname,
         urllib.urlencode({
             "date": "-1",

diff --git a/web/web/settings.py b/web/web/settings.py
@@ -47,6 +47,7 @@
 
 MOLOCH_ENABLED = cfg.moloch.get("enabled")
 MOLOCH_HOST = cfg.moloch.get("host")
+MOLOCH_INSECURE = cfg.moloch.get("insecure")
 
 # In case we have VPNs enabled we need to initialize through the following
 # two methods as they verify the interaction with VPNs as well as gather